com.unbound.client.kmip.KMIPConnection Maven / Gradle / Ivy
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
package com.unbound.client.kmip;
import com.unbound.common.HEX;
import com.unbound.common.Log;
import com.unbound.common.crypto.SHA256;
import com.unbound.common.crypto.SystemProvider;
import javax.net.ssl.*;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
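/**
 * Single-use HTTP(S) transport that carries one KMIP request to a server and
 * returns the raw response bytes.
 *
 * <p>Trust anchors for TLS are process-wide: they are installed once through
 * {@code initialize(...)} and shared by every connection created afterwards.
 * If {@code initialize} was never called (or was called with {@code null}),
 * {@code trustManagers} stays {@code null} and {@link SSLContext#init} falls
 * back to the JVM's default trust managers, so the server is then validated
 * against the platform trust store rather than a pinned CA set.
 *
 * <p>The {@code EKM-*} request headers carry values the client reports about
 * itself (OS user name, local host name and address, a derived client id).
 * They are informational; nothing in this class authenticates them. Client
 * authentication, where used, comes from the partition's key managers.
 */
class KMIPConnection
{
  // Written under the class lock in initialize(), read without it in the
  // constructor; volatile makes the published array visible to other threads.
  private static volatile TrustManager[] trustManagers = null;

  // Lazily computed identification headers, guarded by the class lock in getHeaders().
  private static boolean hasHeaders = false;
  private static String hdrHostName = "";
  private static String hdrClientIP = "";
  private static String hdrUserName = "";
  private static String hdrClientID = "";

  private HttpURLConnection conn;
  private KMIPServer server;
  private KMIPPartition partition;

  // Cookies received from the server, replayed on the request sent by this object.
  private final Map<String, String> cookies = new HashMap<>();

  /**
   * Installs the trust managers built from {@code trusted} as the process-wide
   * trust anchors for subsequent HTTPS connections.
   *
   * @param trusted key store holding the trusted certificates; {@code null}
   *                leaves the current setting unchanged
   * @throws ProviderException if the trust manager factory cannot be created
   *                           or initialised from the key store
   */
  static synchronized void initialize(KeyStore trusted)
  {
    if (trusted == null) return;
    TrustManagerFactory tmf;
    try
    {
      tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init(trusted);
    }
    catch (NoSuchAlgorithmException | KeyStoreException e) { throw new ProviderException(e); }
    trustManagers = tmf.getTrustManagers();
  }

  /**
   * Loads every X.509 certificate found in {@code caFileName} into an
   * in-memory key store and installs it as the process-wide trust anchor set.
   *
   * @param caFileName path of the CA certificate file; {@code null} is a no-op
   * @throws ProviderException if the file cannot be read or parsed, or the
   *                           trust managers cannot be built
   */
  static synchronized void initialize(String caFileName)
  {
    Log log = Log.func("KMIPHTTPConnection.initialize").log("caFileName", caFileName).end(); try
    {
      if (caFileName == null) return;
      KeyStore trusted = SystemProvider.KeyStore.getInstance("JKS");
      trusted.load(null, null);

      Collection<? extends Certificate> collection;
      // try-with-resources: the original never closed the stream, leaking a file handle.
      try (FileInputStream fis = new FileInputStream(caFileName))
      {
        CertificateFactory cf = SystemProvider.CertificateFactory.getInstance("X.509");
        collection = cf.generateCertificates(fis);
      }

      // NOTE(review): the alias is the subject DN, so two certificates in the file
      // that share a subject replace one another and only the last stays trusted.
      // NOTE(review): a file with no certificates yields an empty trust store;
      // presumably every later TLS handshake then fails - confirm and consider failing here.
      for (Certificate c : collection)
      {
        X509Certificate cert = (X509Certificate) c;
        String alias = cert.getSubjectDN().getName();
        trusted.setCertificateEntry(alias, cert);
      }
      initialize(trusted);
    }
    catch (Exception e) { log.failed(e); throw new ProviderException(e); } finally { log.leave(); }
  }

  /**
   * Computes the identification headers once per process.
   *
   * @throws ProviderException if the local host address cannot be resolved
   */
  private static synchronized void getHeaders()
  {
    if (hasHeaders) return;
    hdrUserName = System.getProperty("user.name");
    InetAddress inetAddress;
    try { inetAddress = InetAddress.getLocalHost(); }
    catch (UnknownHostException e) { throw new ProviderException(e); }
    hdrHostName = inetAddress.getHostName();
    hdrClientIP = inetAddress.getHostAddress();
    // SHA-256 over a fixed constant string plus the host name: a stable label for
    // this machine, reproducible by anyone who knows the host name - not a secret.
    hdrClientID = HEX.toString(new SHA256().update("AA09AE54-ED04-40E6-9237-F4865C630387").update(hdrHostName).end());
    hasHeaders = true;
  }

  /**
   * Opens (but does not yet send on) a connection to {@code server}.
   *
   * <p>For HTTPS URLs a dedicated {@link SSLContext} is built from the
   * partition's key managers (client certificate, if any) and the shared
   * trust managers. The connection's hostname verifier is not replaced, so
   * the JDK default stays in effect.
   *
   * @param server    target server; supplies the URL
   * @param partition partition whose key managers and name are used; may be {@code null}
   * @throws ProviderException on any failure to open or configure the connection
   */
  KMIPConnection(KMIPServer server, KMIPPartition partition)
  {
    Log log = Log.func("KMIPConnection").end(); try
    {
      getHeaders();
      this.server = server;
      this.partition = partition;
      try
      {
        conn = (HttpURLConnection) server.getUrl().openConnection();
        if (conn instanceof HttpsURLConnection)
        {
          // NOTE(review): a "TLSv1.2" context presumably caps negotiation at TLS 1.2
          // on the stock JSSE provider - confirm if TLS 1.3 is expected.
          SSLContext ctx = SSLContext.getInstance("TLSv1.2");
          KeyManager[] keyManagers = partition==null ? null : partition.getKeyManagers();
          // trustManagers == null makes init() use the JVM default trust managers.
          ctx.init(keyManagers, trustManagers, new SecureRandom());
          HttpsURLConnection https = (HttpsURLConnection) conn;
          https.setSSLSocketFactory(ctx.getSocketFactory());
        }
      }
      catch (NoSuchAlgorithmException | KeyManagementException | IOException e)
      {
        throw new ProviderException(e);
      }
    }
    catch (Exception e) { log.failed(e); throw new ProviderException(e); } finally { log.leave(); }
  }

  /**
   * Posts {@code in} to the server and returns the response body.
   *
   * <p>The connection is released on every exit path, so an instance can
   * transmit exactly once.
   *
   * @param in request bytes to send as the POST body
   * @return the complete response body
   * @throws ProviderException if the connection was already used, the exchange
   *                           fails, or the server answers with a status other than 200
   */
  byte[] transmit(byte[] in)
  {
    Log log = Log.func("KMIPHTTPConnection.transmit").end(); try
    {
      if (conn == null) throw new IllegalStateException("connection already closed");
      try
      {
        conn.setRequestMethod("POST");
        conn.addRequestProperty("Host", server.getUrl().getHost());
        conn.addRequestProperty("Accept", "*/*");
        conn.setRequestProperty("User-Agent", "Unbound Java Provider");
        conn.setRequestProperty("Content-Type", "application/octet-stream");
        conn.addRequestProperty("Connection", "Keep-Alive");
        // Self-reported client identification; see the class comment.
        conn.addRequestProperty("EKM-Host-Name", hdrHostName);
        conn.addRequestProperty("EKM-User-Name", hdrUserName);
        conn.addRequestProperty("EKM-Client-ID", hdrClientID);
        conn.addRequestProperty("EKM-Client-IP", hdrClientIP);
        if (partition!=null) conn.addRequestProperty("EKM-Partition-Name", partition.getName());
        conn.addRequestProperty("EKM-Client-Version", "2.0.2001.0");

        for (Map.Entry<String, String> entry : cookies.entrySet())
        {
          conn.addRequestProperty("Cookie", entry.getKey()+"="+entry.getValue());
        }

        conn.setDoOutput(true);
        // try-with-resources closes the request stream even when write() fails.
        try (OutputStream outputStream = conn.getOutputStream())
        {
          outputStream.write(in);
          outputStream.flush();
        }

        int responseCode = conn.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_OK)
        {
          throw new IOException("HTTP response code = " + responseCode);
        }

        List<String> cookieList = conn.getHeaderFields().get("Set-Cookie");
        if (cookieList!=null)
        {
          for (String cookie : cookieList) setCookie(cookie);
        }

        // NOTE(review): the body is buffered with no upper bound; a size cap would
        // limit memory use if the peer misbehaves.
        ByteArrayOutputStream temp = new ByteArrayOutputStream();
        try (InputStream input = conn.getInputStream())
        {
          int len;
          byte[] buffer = new byte[4096];
          while ((len = input.read(buffer)) != -1)
          {
            temp.write(buffer, 0, len);
          }
        }
        return temp.toByteArray();
      }
      finally
      {
        // Previously only the success and non-200 paths disconnected; an I/O
        // failure midway left the socket open.
        close();
      }
    }
    catch (Exception e) { log.failed(e); throw new ProviderException(e); } finally { log.leave(); }
  }

  /**
   * Records one {@code Set-Cookie} header value. Only the leading
   * {@code name=value} pair is kept; attributes after the first {@code ';'}
   * are ignored. A cookie with no value (or no {@code '='}) removes any
   * stored cookie of that name.
   */
  private void setCookie(String cookie)
  {
    if (cookie == null) return;
    int end = cookie.indexOf(';');
    String pair = (end<0) ? cookie : cookie.substring(0, end);
    int eq = pair.indexOf('=');
    // The original left value null when '=' was absent and then called
    // value.trim(), which threw NullPointerException on such headers.
    String name = (eq<0) ? pair : pair.substring(0, eq);
    String value = (eq<0) ? "" : pair.substring(eq+1);
    name = name.trim();
    value = value.trim();
    if (name.isEmpty()) return;
    if (value.isEmpty()) cookies.remove(name);
    else cookies.put(name, value);
  }

  /** Disconnects and drops all references; safe to call more than once. */
  private void close()
  {
    if (conn != null) conn.disconnect();
    conn = null;
    server = null;
    partition = null;
  }
}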